to the server config file.This also worked fine, except, I need to unrevoke the certificate now and I can't get that to work. To unrevoke this certificate I editted the index.txt file and changed the R of the specific certificate to V. Further more, and here's where it fails, I'm trying the command:

I suspect this is the culprit: "WARNING: can't open config file: /etc/ssl/openssl.cnf". How do I make the openssl command to look for the right folder instead of "/etc/ssl/openssl.cnf" ? Because that looks like a Linux location to me. Or if that has nothing to do with my issues, how can I unrevoke a client certificate on OpenVPN for Windows?

Thanks for your response. There is no openssl.cnf in C:\Program Files\openvpn\bin\, however there is an openssl-1.0.0.cnf in C:\Program Files\openvpn\easy-rsa so I created c:\etc\ssl, copied the file to that location and renamed it to openssl.cnf but I get the same errors only without the can't open config file warning.

Using configuration from openssl-1.0.0.cnfentry 3: not revoked yet, but has a revocation date

Although all guides tell me to edit the index.txt and change the R to V before using the openssl command, this seem to cause the above output so I changed back the previously editted V back to R in index.txt and after that I used the openssl command which gives me no erros and generates the new crl.pem file. Is it save to assume that I first issue the openssl command and after that edit the index.txt file to change to the R to V? Is that the right way? Or am I missing something?

edit:And I still can't seem to connect with the unrevoked certificate, so I guess something is not right. Still wondering about the correct order though.

8dqqz wrote:And I still can't seem to connect with the unrevoked certificate, so I guess something is not right

Presumably, because the date is still present.

I cannot recommend what you are trying to do because in all probability you will damage your PKI beyond repair and be left with security flaws. The recommended approach is to issue a new cert+key to your client.